Document least-privilege Kubernetes service account for GitLab runners in k8s
Problem to solve
The documentation for GitLab Runner's Kubernetes executor does not mention which resources in the Kubernetes API are needed for runners.
Could you please add a role/cluster role template for a least-privilege service account that can be used for both the runner pod and the pods that execute the build jobs? From quick debugging, they both need some permissions.
A trial-and-error approach to working out what permissions are needed is a very intensive task.
The Kubernetes executor page would probably be the right place to add this information.